Less than a week after Oracle released its latest Java critical patch update, researchers have found two previously unknown security issues affecting Java 7. The issues are specific to Java SE 7 and affect Update 11 and Update 15 of the software, according to Security Explorations\u2019 CEO Adam Gowdiak. Oracle only released Java SE 7 Update 15 last week, patching five additional CVEs to the fifty in an unscheduled release on February 1 to address a zero day flaw being exploited by attackers.<\/p>\n","protected":false},"excerpt":{"rendered":"
Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft.<\/p>\n
Reports of the new Java flaws come as an exploit for a flaw patched in the Java 7 update 13 on February 1 has found its way into automated exploit kits designed for mass infections. <\/p>\n
Security researcher Kafiene, who has closely monitored the development of ransomware and popular exploit kits, on Sunday reported the exploit\u2019s arrival in several crime kits.<\/p>\n
Another, Popads, included an additional lure of a self-generated fake Microsoft certificate for a malicious Java applet that is designed to trick users into installing a fake Java security update.<\/p>\n
The social engineering is \u201ctricky\u201d, Kafiene notes, but the upshot for potential Windows victims is that they need to click \u201crun\u201d in the security warning to become infected.<\/p>\n
Link: http:\/\/www.cso.com.au\/article\/454780\/new_java_7_security_flaws_emerge_old_one_lands_crime_kits\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2438","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2438"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2438\/revisions"}],"predecessor-version":[{"id":4925,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2438\/revisions\/4925"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}